
RARSTONE

Posted: June 18, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 63
First Seen: June 18, 2013
OS(es) Affected: Windows

RARSTONE is a backdoor Trojan and Remote Access Tool (RAT) that currently is being distributed throughout Asia via targeted e-mail attacks against various industries. RARSTONE, which may be a spinoff of the BKDR_PLUGX family of similar Trojans, is designed to disable security programs that could interfere with it, and it grants control of your PC to criminals without showing any major symptoms of the attack. SpywareRemove.com malware researchers always encourage using powerful anti-malware software and reliable security strategies for deleting high-level threats, and the same goes for RARSTONE, which may steal sensitive information or install other types of malware if it is not removed promptly.

The Hidden Lodestone Around Your PC's Neck

PC threats built for industrial sabotage usually distribute their initial infections through targeted e-mail messages, and RARSTONE is a clear case of this reliable attack method still being exploited by sophisticated criminal networks. E-mails carrying RARSTONE contain fake document files that actually are Trojan droppers with embedded vulnerability exploits; once opened, they install RARSTONE while also opening a real document to distract you from the attack. SpywareRemove.com malware researchers have seen this attack method almost too many times to count, with similar operations including those for other backdoor Trojans like BKDR_BRIBA.EVL, members of the PlugX family, Enfal, Dorifel, MiniDuke and Trojan.Taidoor.

Once installed, RARSTONE scans the Windows Registry (a core component of the operating system) for any uninstall entries that are related to specific security programs and, where it finds them, uninstalls those programs. Even if your security software isn't harmed in this attack, RARSTONE's contents are injected into memory, preventing typical file-analysis tools from detecting its presence.
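The uninstall-entry scan described above leaves a detectable trace: security products that were registered under the Registry's Uninstall keys simply vanish. The following PowerShell script is an added example for defenders, not code from the original page or from the RARSTONE sample; it snapshots both Uninstall views and compares a later snapshot against a baseline to flag security-related entries that have disappeared. The keyword pattern and the CSV paths are illustrative assumptions.

```powershell
# Added example: audit the Uninstall registry keys for silently removed security products.
# The keyword list and file paths below are assumptions; tune them to the products you deploy.

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)
# Assumed, illustrative keywords used to recognise security-related entries.
$SecurityPattern = 'antivirus|anti-virus|endpoint|security|defender|firewall|protection'

function Get-UninstallSnapshot {
    # Emit one object per uninstall entry (both native and 32-bit views) that has a DisplayName.
    foreach ($key in $UninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        $view = if ($key -like '*WOW6432Node*') { 'x86' } else { 'native' }
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName) {
                [pscustomobject]@{
                    View        = $view
                    KeyName     = $_.PSChildName
                    DisplayName = $p.DisplayName
                    Publisher   = $p.Publisher
                }
            }
        }
    }
}

function Compare-SecurityEntries {
    # Return baseline entries that are missing now and look security-related.
    param([string]$BaselinePath, [string]$CurrentPath)
    $baseline = Import-Csv $BaselinePath
    $current  = Import-Csv $CurrentPath
    $currentIds = $current | ForEach-Object { "$($_.View)|$($_.KeyName)" }
    $baseline |
        Where-Object { "$($_.View)|$($_.KeyName)" -notin $currentIds } |
        Where-Object { ("$($_.DisplayName) $($_.Publisher)") -match $SecurityPattern }
}

# Usage (assumed paths): record a baseline on a known-good host, then re-run later and compare.
# Get-UninstallSnapshot | Export-Csv C:\audit\uninstall-baseline.csv -NoTypeInformation
# Get-UninstallSnapshot | Export-Csv C:\audit\uninstall-now.csv -NoTypeInformation
# Compare-SecurityEntries -BaselinePath C:\audit\uninstall-baseline.csv -CurrentPath C:\audit\uninstall-now.csv
```

Any entry the comparison returns warrants a check of the host's security software and its own logs, since a legitimate upgrade can also re-key an uninstall entry.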

A third defense employed by RARSTONE is its use of SSL encryption, a feature that normally protects sensitive data traffic but which can equally be abused by RARSTONE and other advanced PC threats. This encryption can prevent security software from identifying RARSTONE's data traffic as malicious.

Lightening the Weight of Your RARSTONE Troubles

Setting its advanced defenses aside, RARSTONE is equipped with all of the offensive features that any criminal could hope to have from a backdoor Trojan. RARSTONE may be used to steal personal information, install other malware with its own specialized attacks, change your PC's basic settings or give criminals direct control over your computer. SpywareRemove.com malware experts also suggest that you be cautious about sharing removable storage drives (such as USB thumb drives) with a PC that may be infected by RARSTONE, since most PC threats designed to attack industries in this way also include secondary infection methods for such devices.

Besides various government agencies, other victims of RARSTONE's attack campaign include communications companies, media companies and oil companies, amongst others, all of which are frequent targets for high-level attacks by PC threats aimed at dismantling computer security for the sake of stealing confidential information. Most RARSTONE targets currently are in Asia, although RARSTONE's attacks also may be effective against computers in other regions.

Any suspected RARSTONE infection should be dealt with by using any means needed to disable RARSTONE, followed by using advanced anti-malware software with a good track record against memory-injecting PC threats to delete RARSTONE itself.
